I have a SUS server running Server 2012 R2. The only other service running on this machine is a syslog service for logs from our firewall. From the SEPM network log we are seeing these FE80 link-local address/s blocking traffic on these FF02 multicast addresses. From researching these multicast addresses:
http://www.iana.org/assignments/ipv6-multicast-addresses/ipv6-multicast-addresses.xhtml
I see the following:
16 relates to "All MLDv2-capable routers"
1:3 relates to "Link-local Multicast Name Resolution"
C relates to "SSDP"
and 1:2 relates to "All-dhcp-agents"
Action | Severity | Direction | Protocol | RemoteHost | LocalHost | Application | Location | Occurrence |
Blocked | 10 | Incoming | ICMPv6 [type=0x8F, code=0x0] | FE80:0:0:0:287B:535:1D12:B0E5 | FF02:0:0:0:0:0:0:16 | C:\Windows\system32\NTOSKRNL.EXE | Default | 1 |
Blocked | 10 | Incoming | UDP | FE80:0:0:0:287B:535:1D12:B0E5 | FF02:0:0:0:0:0:1:3 | | Default | 4 |
Blocked | 10 | Incoming | UDP | FE80:0:0:0:287B:535:1D12:B0E5 | FF02:0:0:0:0:0:0:C | | Default | 4 |
Blocked | 10 | Incoming | UDP | FE80:0:0:0:41B2:A570:B24A:C65 | FF02:0:0:0:0:0:1:2 | | Default | 1 |
So my question here is this: should I create exceptions in the firewall to allow this traffic, or what? I am not an IPv6 "dude" and we don't use IPv6 in our network for inter-host communication, that I am aware of. The only IPv6 functions we allow are from mobile devices into the mail server through the firewall appliance. What are the best practices or security risks associated with my dilemma?
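Added example, not part of the original post: a small Python triage of the four blocked rows above, checking for each one whether the sender is a link-local address and the destination a link-local-scope multicast group, and decoding the ICMPv6 type. It assumes the column order of the post's header; the group names are the ones the post quotes, and the ICMPv6 type name comes from RFC 3810.

```python
import ipaddress
import re

# Group names exactly as the post identifies them from the IANA registry.
GROUPS = {
    "ff02::16": "All MLDv2-capable routers",
    "ff02::1:3": "Link-local Multicast Name Resolution",
    "ff02::c": "SSDP",
    "ff02::1:2": "All-dhcp-agents",
}
# ICMPv6 type 143 (0x8F) is the MLDv2 Multicast Listener Report (RFC 3810).
ICMPV6_TYPES = {143: "MLDv2 Multicast Listener Report"}

# The four blocked rows from the post, in its column order.
LOG = r"""
Blocked | 10 | Incoming | ICMPv6 [type=0x8F, code=0x0] | FE80:0:0:0:287B:535:1D12:B0E5 | FF02:0:0:0:0:0:0:16 | C:\Windows\system32\NTOSKRNL.EXE | Default | 1 |
Blocked | 10 | Incoming | UDP | FE80:0:0:0:287B:535:1D12:B0E5 | FF02:0:0:0:0:0:1:3 | Default | 4 | |
Blocked | 10 | Incoming | UDP | FE80:0:0:0:287B:535:1D12:B0E5 | FF02:0:0:0:0:0:0:C | Default | 4 | |
Blocked | 10 | Incoming | UDP | FE80:0:0:0:41B2:A570:B24A:C65 | FF02:0:0:0:0:0:1:2 | Default | 1 |
"""

def triage(row):
    """Classify one log row by sender scope, multicast scope and group."""
    cells = [c.strip() for c in row.split("|")]
    proto = cells[3]
    src = ipaddress.IPv6Address(cells[4])   # RemoteHost: the sender
    dst = ipaddress.IPv6Address(cells[5])   # LocalHost: the multicast group
    # In a multicast address the low nibble of the second byte is the scope;
    # 2 means link-local, which routers never forward off the segment.
    scope = dst.packed[1] & 0x0F if dst.is_multicast else None
    m = re.search(r"type=0x([0-9A-Fa-f]+)", proto)
    icmp_type = int(m.group(1), 16) if m else None
    return {
        "src": str(src),
        "dst": str(dst),
        "group": GROUPS.get(str(dst), "unknown"),
        "on_link_only": src.is_link_local and scope == 2,
        "icmpv6": ICMPV6_TYPES.get(icmp_type),
    }

def triage_log(text):
    return [triage(line) for line in text.strip().splitlines()]

if __name__ == "__main__":
    for r in triage_log(LOG):
        print(r)
```

Every row comes back with `on_link_only` set, meaning both senders sit on the same layer-2 segment as the server, so the two FE80 addresses can be traced to hosts through switch or neighbor tables before any firewall rule is changed.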